GCVE - cpe:2.3:h:aterm:wg2600hp2:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:aterm:wg2600hp2:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Aterm (`9b686b85-0a1f-5ef4-8c95-d7aab5adbb44`)
Product	Wg2600Hp2 (`1ffbac8f-b45f-5843-9867-c9f5eddd8ff7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-20622`	not_vulnerable	2026-06-03 14:43:42.546417	Details available Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. Published: 2021-01-28T10:00:29.000Z Updated: 2024-08-03T17:45:44.887Z Open on db.gcve.eu Reference links https://www.aterm.jp/support/tech/2019/0328.html https://jpn.nec.com/security-info/secinfo/nv21-005.html https://jvn.jp/en/jp/JVN38248512/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20621`	not_vulnerable	2026-06-03 14:43:42.545927	Details available Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Published: 2021-01-28T10:00:29.000Z Updated: 2024-08-03T17:45:44.833Z Open on db.gcve.eu Reference links https://www.aterm.jp/support/tech/2019/0328.html https://jpn.nec.com/security-info/secinfo/nv21-005.html https://jvn.jp/en/jp/JVN38248512/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12575`	not_vulnerable	2026-06-03 14:36:36.174905	Details available An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET"). Published: 2018-08-24T19:00:00.000Z Updated: 2024-08-05T18:43:56.136Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2018/Aug/26 http://jvn.jp/en/jp/JVN38248512/index.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.